internet connection is not working with ARP protection enabled in one LAN


Re: internet connection is not working with ARP protection enabled in one LAN

<blockquote><hr>miamia wrote:
Hello Oldsod,
may I have a question? I saw this thread http://forums.zonealarm.org/zonelabs...ssage.id=53594
and there is "ZA | Firewall | Trusted Security Zone | first set the slider to Medium not High. Then open the Custom button. Select the "Medium security settings for the Trusted Zone "....
Why should I use the Medium setting for the Trusted Zone only? When I use the High setting my connection is lost after some time. But I would like to leave my Trusted and Internet Zone settings on High.
My current settings: Internet Zone - High,
Trusted Zone - Med., unchecked "Automatically check for security enf...", checked "This comp is not on an ICS...". It seems it works but I will see for how long...
<hr></blockquote>
Hi Mia

You may have a question, or as many questions as you like.
All will be answered as best as possible.

Trusted Zone Security slider does the adjusting of the firewall with how it deals or handles the port connections for the Trusted Zone.
The Internet Zone Security slider does the adjusting of the firewall with how it deals or handles the port connections for the Internet Zone.

Basically the firewall (any firewall for that matter) does not control the actual TCP/IP stack or driver - it instead acts in between the stack and the internet/network.
No firewall replaces the TCP/IP stack of Windows - it just steps in the middle and handles things as configured and designed.
Regardless of whether the ports are in open or closed status in Windows itself, the firewall steps in between and then controls the port connections and whether the ports are to be stealthed, seen as closed, or seen as open.
Basically the firewall is controlling the traffic to and from the ports, but is not actually part of the ports via the TCP/IP stack of Windows.

Closed ports are ports that will respond to connection attempts and basically always reply that they are not available, and the sender will then cease to attempt to connect to the closed port.
A closed port is similar to a closed door - it is closed and there is no entrance.
The closed port is then considered to be 'seen' when it replies back "I am here and do not bother me anymore".
It is visible although not really usable (closed ports will open if they are asked properly or with various tricks, but this is not the usual case - some hackers do know the tricks to 'open' closed ports).

Open ports are ports that respond to connection attempts and basically reply yes, it is available, please send more information if you want to connect. Then if the next incoming connection is not related to that open port's usage, the open port will reply that it is not available. It basically sends back the same message as the closed port - "I am here and do not bother me anymore".
If the incoming connection is designed for that particular port, only then will the open port allow incoming connections.
The open port is then considered to be 'seen' and since it replied back to the connection attempt it is ready to receive further connections - it is considered to be 'open'.
Whether there are any further connections or any information actually entering depends strictly on the reply from the sender showing it is right for that port.
That itself is determined by the actual service/daemon/program associated with that port (NetBIOS is a good example - if something attempts to enter port 139 and it is not designed for that port, even though port 139 is open, no information will enter through that port regardless of how many times it attempts to connect. It must have packets showing it is designed strictly for the service using that port 139, or else no entrance).

Stealthed ports are different - there is never a reply as to whether the port is actually open or closed.
Only a firewall will stealth ports (even the Windows XP firewall will stealth ports) - a networked device on its own never stealths ports.
Since there is never a reply as to whether the port is closed or open, the port is then considered to be 'stealthed'.
A stealthed port is similar to a closed port but without the reply that it is closed; really, no connections will pass through because of the firewall's stealthing - regardless of whether the port itself is open or closed.
The ports are stealthed by the firewall stepping between the connection and the ports.
Remember the firewall is not controlling the actual ports themselves - it is controlling the connections to and from these ports.

Open and closed port 'states' are 'port status' - so is the newer 'stealthed' port status.

Many firewalls will stealth the ports by default and offer no slider or settings for adjusting the port status.
Or they will not stealth and offer no port control.
These firewalls are basically Off or On.
However ZoneAlarm does offer a slider to vary the port states:
Low is no port control; only application control remains.
Medium has port control but no stealthing - ports can be seen as either closed or open, the firewall will let outgoing connections function, and if the program behind that port needs it open, then ZA will allow the connections. The firewall does not step in between the incoming connections and the ports, but still controls the outgoing connections and the application control.
High level is stealthed. There is never a response from the port.

Trusted Zone is just that - the dhcp and dns servers and any other local area networked device that is allowed.

Internet Zone is just that - everything not Trusted such as web server.

When you set the Trusted Zone Security to High instead of the recommended Medium - it then stealths the ports, and if the firewall is not configured properly, the DHCP connections are dropped and thus there are no more connections.

In other words, DO NOT USE THE HIGH LEVEL for the TRUSTED ZONE SECURITY unless it is perfectly configured with all of the needed expert rules.
On your desktop.

You can use the High level for the Internet Zone Security slider with no issues, unless you are doing IM or some P2P or some program that needs to not have stealthed ports.
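The open / closed / stealthed distinction and the DHCP consequence of a High Trusted zone, as a small model you can run. This is an added illustration and not ZoneAlarm code: the `ZoneFirewall` class, the zone names, the slider levels and the `expert_allow` set standing in for ZA's expert rules are modelling assumptions; the listening ports and the DHCP client port 68 are constructed sample data (68 is the real DHCP client port).

```python
"""Model of a host firewall sitting between the TCP/IP stack and the network.

The stack decides whether a port is open or closed; the firewall decides
what the remote sender is allowed to see. At "high" the firewall drops the
packet and never answers (stealthed), so unsolicited inbound traffic such as
a DHCP offer from the router is lost unless a rule lets it through.
Assumptions: zone names, level names and expert_allow are illustrative only.
"""
from dataclasses import dataclass, field

OPEN = "open"            # sender gets SYN/ACK: a service is listening
CLOSED = "closed"        # sender gets RST: host says "nothing here"
STEALTHED = "stealthed"  # sender gets nothing: cannot tell open from closed

DHCP_CLIENT_PORT = 68    # router's DHCP offer/ack is delivered to this UDP port


@dataclass
class ZoneFirewall:
    # Ports the OS stack is actually listening on (constructed sample values)
    listening: set = field(default_factory=lambda: {139, 445})
    # Slider per zone: "low" / "medium" (no stealth) or "high" (stealth)
    levels: dict = field(default_factory=lambda: {"trusted": "medium",
                                                  "internet": "high"})
    # Hypothetical expert rules: (zone, port) pairs always passed to the stack
    expert_allow: set = field(default_factory=set)

    def stack_reply(self, port):
        """What Windows itself would answer with no firewall in the way."""
        return OPEN if port in self.listening else CLOSED

    def inbound_allowed(self, zone, port):
        """Does an unsolicited inbound packet from `zone` reach the stack?"""
        if (zone, port) in self.expert_allow:
            return True
        return self.levels[zone] != "high"

    def probe_reply(self, zone, port):
        """Reply a sender in `zone` sees for a connection attempt to `port`."""
        if not self.inbound_allowed(zone, port):
            return STEALTHED          # dropped: no reply at all
        return self.stack_reply(port)  # firewall lets the stack answer


def dhcp_renewal_works(fw):
    """The router is in the Trusted zone; its DHCP reply must reach port 68."""
    return fw.inbound_allowed("trusted", DHCP_CLIENT_PORT)


if __name__ == "__main__":
    recommended = ZoneFirewall()
    everything_high = ZoneFirewall(levels={"trusted": "high", "internet": "high"})
    high_with_rule = ZoneFirewall(levels={"trusted": "high", "internet": "high"},
                                  expert_allow={("trusted", DHCP_CLIENT_PORT)})
    for name, fw in [("recommended", recommended),
                     ("trusted=high", everything_high),
                     ("trusted=high + expert rule", high_with_rule)]:
        print(f"{name:28s} internet->139: {fw.probe_reply('internet', 139):9s} "
              f"trusted->139: {fw.probe_reply('trusted', 139):9s} "
              f"trusted->80: {fw.probe_reply('trusted', 80):9s} "
              f"DHCP renewal ok: {dhcp_renewal_works(fw)}")
```

Running it shows the same port 139 answering "open" to the Trusted zone but nothing at all to the Internet zone, and the DHCP renewal failing only when the Trusted slider is on High without a rule for it.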

Re: internet connection is not working with ARP protection enabled in one LAN

You should not set the router/gateway as Internet.
It should be Trusted.
There are many connections that must be allowed from the router/gateway that will be dropped by the Internet setting and allowed by using Trusted.
These connections are vital and much needed.

Re: internet connection is not working with ARP protection enabled in one LAN

Next time, before going to use the other router, first back up the ZA settings you have now using the backup feature, then reset the ZA database and then connect to the router with the issue.
Starting ZA from blank should fix the issue - make sure the problem router is set as Trusted, not Internet, and follow through with the new alerts.
Once ZA is settled in, then make a separate backup for just that one router.

Then the two backups can be used for a comparison of the settings, and one is still usable for the other router; while the other backup can still be used for the other router.

You should be able to see the mistake somewhere and finally be able to use just one backup or setting for both routers.

Re: internet connection is not working with ARP protection enabled in one LAN

Manually, by starting in safe boot and then deleting the iamdb.rdb and backup.rdb files, or automatically this way:
1. Hold down the Ctrl and Shift keys together
2. Right click on the ZA icon near your clock
3. Choose 'Reset' from the box that comes up
4. Choose Yes on the Reset Settings dialog box
5. When prompted, choose OK to restart your system
6. Follow the on screen configuration prompts after reboot

Re: internet connection is not working with ARP protection enabled in one LAN

Hello Oldsod,
I will reset the settings later. But I found out why I cannot open a page (or ICQ, etc.) after a
few minutes when ARP is active. It is because ARP protection blocks communication to the DNS servers. But why? I set an expert rule for DHCP but I have no idea why it blocks the DNS servers.
My LAN config is - IP: 192.168.1.10, subnet: 255.255.255.0, gateway: 192.168.1.1 (router with DNS) and DNS is the same as the gateway.
It is really strange...

Re: internet connection is not working with ARP protection enabled in one LAN

Actually the problem may not be the DNS server but the DHCP server - if the connections between the computer and the DHCP server are blocked, then the loss of internet or connections also occurs.
I suspect you still have it misconfigured.

Tried pinging the sites when this happens?
Tried pinging the router and the DNS servers?
Got any pings out to the sites?
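The three questions above amount to a triage: is the gateway reachable, does an address reach the internet, and do names still resolve? An added script (not from the thread) that runs those probes and turns the answers into a diagnosis. The gateway/DNS address 192.168.1.1 is taken from the thread; `triage`, `run_triage`, the `ping` wrapper around the OS ping command and the probe hostname are assumptions made here, and the probes are injectable so the decision logic can be exercised offline.

```python
"""Connectivity triage: gateway ping, name resolution, and a TCP connect to
an address you already know works (the poster could open a site by IP).
Probe functions are parameters so the logic can be tested without a network.
"""
import socket
import subprocess
import sys


def ping(host, timeout_s=2):
    """True if a single ICMP echo to `host` gets a reply.
    Assumes the OS `ping` command; flag spelling differs per platform."""
    if sys.platform.startswith("win"):
        args = ["ping", "-n", "1", "-w", str(timeout_s * 1000), host]
    else:
        args = ["ping", "-c", "1", "-W", str(timeout_s), host]
    try:
        return subprocess.run(args, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL,
                              timeout=timeout_s + 3).returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False


def resolves(name):
    """True if the configured resolver (here the router) answers for `name`."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


def tcp_reachable(ip, port=80, timeout_s=3):
    """True if a TCP handshake to ip:port completes (no name lookup involved)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout_s):
            return True
    except OSError:
        return False


def triage(gateway_up, ip_reachable, dns_ok):
    """Map the three probe results onto the most likely blocked path."""
    if not gateway_up:
        return "gateway unreachable: check the DHCP lease and Trusted zone rules for the router"
    if not ip_reachable:
        return "gateway answers but no path beyond it: look at the router/WAN side"
    if not dns_ok:
        return "IP connectivity works, name resolution fails: check rules for DNS (port 53) to the router"
    return "gateway, internet and DNS all working"


def run_triage(gateway="192.168.1.1", known_ip="192.168.1.1",
               name="www.example.com", ping=ping, resolves=resolves,
               tcp_reachable=tcp_reachable):
    """Run the probes (defaults are real network calls; pass stubs to test).
    `known_ip` should be an address that worked before; the default reuses
    the router's web interface only because no other address is given."""
    return triage(ping(gateway), tcp_reachable(known_ip), resolves(name))


if __name__ == "__main__":
    print(run_triage())
```

The poster's symptom (sites open by IP, names fail, Skype up but ICQ down) lands in the third branch: the gateway is reachable and IP traffic flows, so the rule set is dropping DNS rather than DHCP.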

Re: internet connection is not working with ARP protection enabled in one LAN

Unfortunately I am now away from home. But when I tried to open a site URL as an IP it opened the site, but when I tried www.something.xx it didn't open the website. And Skype was connected OK but QIP ICQ was not (because it uses login.icq.com). Therefore I think there is maybe a problem with DNS.